<!DOCTYPE HTML>
<html>
<head>
  <title>Test if XSLT stylesheet is subject to document's CSP</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
  <p id="display"></p>
  <div id="content" style="display: none"></div>
  <iframe style="width:100%;" id='xsltframe'></iframe>
  <iframe style="width:100%;" id='xsltframe2'></iframe>

<script class="testbody" type="text/javascript">

SimpleTest.waitForExplicitFinish();

// define the expected output of this test
var header = "this xml file should be formatted using an xsl file(lower iframe should contain xml dump)!";

var finishedTests = 0;
var numberOfTests = 2;

var checkExplicitFinish = function() {
  finishedTests++;
  if (finishedTests == numberOfTests) {
     SimpleTest.finish();
  }
}

function checkAllowed () {
  /*   The policy for this test is:
   *   Content-Security-Policy: default-src 'self'
   *
   *   we load the xsl file using:
   *   <?xml-stylesheet type="text/xsl" href="file_bug663467.xsl"?>
   */
  try {
    var cspframe = document.getElementById('xsltframe');
    var xsltAllowedHeader = cspframe.contentWindow.document.getElementById('xsltheader').innerHTML;
    is(xsltAllowedHeader, header, "XSLT loaded from 'self' should be allowed!");
  }
  catch (e) {
    ok(false, "Error: could not access content in xsltframe!")
  }
  checkExplicitFinish();
}

function checkBlocked () {
  /*   The policy for this test is:
   *   Content-Security-Policy: default-src *.example.com
   *
   *   we load the xsl file using:
   *   <?xml-stylesheet type="text/xsl" href="file_bug663467.xsl"?>
   */
  try {
    var cspframe = document.getElementById('xsltframe2');
    var xsltBlockedHeader = cspframe.contentWindow.document.getElementById('xsltheader');
    is(xsltBlockedHeader, null, "XSLT loaded from different host should be blocked!");
  }
  catch (e) {
    ok(false, "Error: could not access content in xsltframe2!")
  }
  checkExplicitFinish();
}

document.getElementById('xsltframe').addEventListener('load', checkAllowed, false);
document.getElementById('xsltframe').src = 'file_bug663567_allows.xml';

document.getElementById('xsltframe2').addEventListener('load', checkBlocked, false);
document.getElementById('xsltframe2').src = 'file_bug663567_blocks.xml';

</script>
</body>
</html>
